Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36342 | 1 Dell | 668 Alienware 13 R3, Alienware 13 R3 Firmware, Alienware 15 R3 and 665 more | 2022-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2022-22938 | 2 Microsoft, Vmware | 3 Windows, Horizon, Workstation | 2022-02-04 | 2.1 LOW | 6.5 MEDIUM |
| VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. | |||||
| CVE-2022-22992 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2022-02-03 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. | |||||
| CVE-2021-23760 | 1 Keyget Project | 1 Keyget | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048) | |||||
| CVE-2021-23558 | 1 Bmoor Project | 1 Bmoor | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) | |||||
| CVE-2021-23484 | 1 Zip-local Project | 1 Zip-local | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. | |||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2022-02-03 | 6.8 MEDIUM | 8.1 HIGH |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | |||||
| CVE-2021-46114 | 1 Jpress | 1 Jpress | 2022-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2022-23456 | 1 Hp | 1 Support Assistant | 2022-02-03 | 2.1 LOW | 5.5 MEDIUM |
| Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. | |||||
| CVE-2012-1145 | 1 Redhat | 2 Enterprise Linux, Satellite | 2022-02-03 | 5.0 MEDIUM | N/A |
| spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | |||||
| CVE-2022-23889 | 1 Yzmcms | 1 Yzmcms | 2022-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments. | |||||
| CVE-2011-4339 | 2 Ipmitool Project, Redhat | 2 Ipmitool, Enterprise Linux | 2022-02-03 | 3.6 LOW | N/A |
| ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. | |||||
| CVE-2008-4870 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2022-02-03 | 2.1 LOW | N/A |
| dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | |||||
| CVE-2008-2369 | 1 Redhat | 1 Satellite | 2022-02-03 | 6.4 MEDIUM | N/A |
| manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||
| CVE-2008-2729 | 1 Linux | 1 Linux Kernel | 2022-02-03 | 4.9 MEDIUM | N/A |
| arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. | |||||
| CVE-2008-1677 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2022-02-03 | 7.5 HIGH | N/A |
| Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression. | |||||
| CVE-2008-0892 | 1 Redhat | 2 Directory Server, Fedora Directory Server | 2022-02-03 | 9.0 HIGH | N/A |
| The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. | |||||
| CVE-2008-1198 | 1 Redhat | 1 Enterprise Linux | 2022-02-03 | 7.1 HIGH | N/A |
| The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. | |||||
| CVE-2019-5528 | 1 Vmware | 1 Esxi | 2022-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available. | |||||
| CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 10 Fedora, Openslp, Enterprise Linux Desktop and 7 more | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | |||||